1 /* $OpenBSD: relayd.h,v 1.276 2024/10/28 19:56:18 tb Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org> 6 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 #ifndef RELAYD_H 22 #define RELAYD_H 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/queue.h> 27 #include <sys/tree.h> 28 #include <sys/time.h> 29 #include <sys/un.h> 30 31 #include <net/if.h> 32 #include <net/pfvar.h> 33 34 #include <stdarg.h> 35 #include <limits.h> 36 #include <siphash.h> 37 #include <event.h> 38 #include <imsg.h> 39 40 #include <openssl/ssl.h> 41 #include <tls.h> 42 43 #ifndef nitems 44 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) 45 #endif 46 47 #define CONF_FILE "/etc/relayd.conf" 48 #define RELAYD_SOCKET "/var/run/relayd.sock" 49 #define PF_SOCKET "/dev/pf" 50 #define RELAYD_USER "_relayd" 51 #define RELAYD_ANCHOR "relayd" 52 #define RELAYD_SERVERNAME "OpenBSD relayd" 53 #define CHECK_TIMEOUT 200 54 #define CHECK_INTERVAL 10 55 #define EMPTY_TABLE UINT_MAX 56 #define EMPTY_ID UINT_MAX 57 #define LABEL_NAME_SIZE 1024 58 #define TAG_NAME_SIZE 64 59 #define TABLE_NAME_SIZE 64 60 #define RT_LABEL_SIZE 32 61 #define MAX_NAME_SIZE 64 62 #define SRV_MAX_VIRTS 16 63 #define TLS_NAME_SIZE 512 64 #define TLS_CERT_HASH_SIZE 128 65 #define RELAY_MAX_PREFETCH 256 66 #define RELAY_MIN_PREFETCHED 32 67 68 #define FD_RESERVE 5 69 70 #define RELAY_MAX_BACKLOG 512 71 #define RELAY_TIMEOUT 600 72 #define RELAY_CACHESIZE -1 /* use default size */ 73 #define RELAY_NUMPROC 3 74 #define RELAY_MAXHOSTS 32 75 #define RELAY_MAXHEADERLENGTH 131072 76 #define RELAY_DEFHEADERLENGTH 8192 77 #define RELAY_STATINTERVAL 60 78 #define RELAY_BACKLOG 10 79 #define RELAY_MAXLOOKUPLEVELS 5 80 #define RELAY_OUTOF_FD_RETRIES 5 81 #define RELAY_MAX_HASH_RETRIES 5 82 #define RELAY_TLS_PRIV_TIMEOUT 1000 /* wait 1sec for the ca */ 83 84 #define CONFIG_RELOAD 0x00 85 #define CONFIG_TABLES 0x01 86 #define CONFIG_RDRS 0x02 87 #define CONFIG_RELAYS 0x04 88 #define CONFIG_PROTOS 0x08 89 #define CONFIG_ROUTES 0x10 90 #define CONFIG_RTS 0x20 91 #define CONFIG_CA_ENGINE 0x40 92 #define CONFIG_CERTS 0x80 93 #define CONFIG_ALL 0xff 94 95 #define SMALL_READ_BUF_SIZE 1024 96 #define ICMP_BUF_SIZE 64 97 #define ICMP_RCVBUF_SIZE 262144 98 99 #define AGENTX_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */ 100 101 #define PROC_PARENT_SOCK_FILENO 3 102 #define PROC_MAX_INSTANCES 32 103 104 #if DEBUG > 1 105 #define DPRINTF log_debug 106 #define DEBUG_CERT 1 107 #else 108 #define DPRINTF(x...) do {} while(0) 109 #endif 110 111 /* Used for DNS request ID randomization */ 112 struct shuffle { 113 u_int16_t id_shuffle[65536]; 114 int isindex; 115 }; 116 117 typedef u_int32_t objid_t; 118 119 struct ctl_status { 120 objid_t id; 121 int up; 122 int retry_cnt; 123 u_long check_cnt; 124 u_int16_t he; 125 }; 126 127 struct ctl_id { 128 objid_t id; 129 char name[MAX_NAME_SIZE]; 130 }; 131 132 struct ctl_relaytable { 133 objid_t id; 134 objid_t relayid; 135 int mode; 136 u_int32_t flags; 137 }; 138 139 enum fd_type { 140 RELAY_FD_CERT = 1, 141 RELAY_FD_CACERT = 2, 142 RELAY_FD_CAFILE = 3, 143 RELAY_FD_KEY = 4, 144 RELAY_FD_OCSP = 5, 145 RELAY_FD_CLIENTCACERT = 6 146 }; 147 148 struct ctl_relayfd { 149 objid_t id; 150 objid_t relayid; 151 enum fd_type type; 152 }; 153 154 struct ctl_script { 155 objid_t host; 156 int retval; 157 struct timeval timeout; 158 char name[HOST_NAME_MAX+1]; 159 char path[PATH_MAX]; 160 }; 161 162 struct ctl_demote { 163 char group[IFNAMSIZ]; 164 int level; 165 }; 166 167 struct ctl_icmp_event { 168 struct relayd *env; 169 int s; 170 int af; 171 int last_up; 172 struct event ev; 173 struct timeval tv_start; 174 }; 175 176 struct ctl_tcp_event { 177 int s; 178 struct ibuf *buf; 179 struct host *host; 180 struct table *table; 181 struct timeval tv_start; 182 struct event ev; 183 int (*validate_read)(struct ctl_tcp_event *); 184 int (*validate_close)(struct ctl_tcp_event *); 185 186 struct tls *tls; 187 }; 188 189 enum direction { 190 RELAY_DIR_INVALID = -1, 191 RELAY_DIR_ANY = 0, 192 RELAY_DIR_REQUEST = 1, 193 RELAY_DIR_RESPONSE = 2 194 }; 195 196 enum relay_state { 197 STATE_INIT, 198 STATE_PENDING, 199 STATE_PRECONNECT, 200 STATE_CONNECTED, 201 STATE_CLOSED, 202 STATE_DONE 203 }; 204 205 struct ctl_relay_event { 206 int s; 207 in_port_t port; 208 struct sockaddr_storage ss; 209 struct bufferevent *bev; 210 struct evbuffer *output; 211 struct ctl_relay_event *dst; 212 struct rsession *con; 213 214 struct tls *tls; 215 struct tls_config *tls_cfg; 216 struct tls *tls_ctx; 217 218 uint8_t *tlscert; 219 size_t tlscert_len; 220 221 off_t splicelen; 222 off_t toread; 223 size_t headerlen; 224 int line; 225 int done; 226 int timedout; 227 enum relay_state state; 228 enum direction dir; 229 230 /* protocol-specific descriptor */ 231 void *desc; 232 }; 233 234 enum httpchunk { 235 TOREAD_UNLIMITED = -1, 236 TOREAD_HTTP_HEADER = -2, 237 TOREAD_HTTP_CHUNK_LENGTH = -3, 238 TOREAD_HTTP_CHUNK_TRAILER = -4 239 }; 240 241 struct ctl_natlook { 242 objid_t id; 243 int proc; 244 245 struct sockaddr_storage src; 246 struct sockaddr_storage dst; 247 struct sockaddr_storage rsrc; 248 struct sockaddr_storage rdst; 249 in_port_t rsport; 250 in_port_t rdport; 251 int in; 252 int proto; 253 }; 254 255 struct ctl_bindany { 256 objid_t bnd_id; 257 int bnd_proc; 258 259 struct sockaddr_storage bnd_ss; 260 in_port_t bnd_port; 261 int bnd_proto; 262 }; 263 264 struct ctl_keyop { 265 char cko_hash[TLS_CERT_HASH_SIZE]; 266 int cko_proc; 267 int cko_flen; 268 int cko_tlen; 269 int cko_padding; 270 u_int cko_cookie; 271 }; 272 273 struct ctl_stats { 274 objid_t id; 275 int proc; 276 277 u_int64_t interval; 278 u_int64_t cnt; 279 u_int32_t tick; 280 u_int32_t avg; 281 u_int32_t last; 282 u_int32_t avg_hour; 283 u_int32_t last_hour; 284 u_int32_t avg_day; 285 u_int32_t last_day; 286 }; 287 288 enum key_option { 289 KEY_OPTION_NONE = 0, 290 KEY_OPTION_APPEND, 291 KEY_OPTION_SET, 292 KEY_OPTION_REMOVE, 293 KEY_OPTION_HASH, 294 KEY_OPTION_LOG, 295 KEY_OPTION_STRIP 296 }; 297 298 enum key_type { 299 KEY_TYPE_NONE = 0, 300 KEY_TYPE_COOKIE, 301 KEY_TYPE_HEADER, 302 KEY_TYPE_PATH, 303 KEY_TYPE_QUERY, 304 KEY_TYPE_URL, 305 KEY_TYPE_MAX 306 }; 307 308 struct ctl_kvlen { 309 ssize_t key; 310 ssize_t value; 311 }; 312 313 struct ctl_rule { 314 struct ctl_kvlen kvlen[KEY_TYPE_MAX]; 315 }; 316 317 enum digest_type { 318 DIGEST_NONE = 0, 319 DIGEST_SHA1 = 1, 320 DIGEST_MD5 = 2 321 }; 322 323 TAILQ_HEAD(kvlist, kv); 324 RB_HEAD(kvtree, kv); 325 326 struct kv { 327 char *kv_key; 328 char *kv_value; 329 330 enum key_type kv_type; 331 enum key_option kv_option; 332 enum digest_type kv_digest; 333 334 #define KV_FLAG_MACRO 0x01 335 #define KV_FLAG_INVALID 0x02 336 #define KV_FLAG_GLOBBING 0x04 337 u_int8_t kv_flags; 338 339 struct kvlist kv_children; 340 struct kv *kv_parent; 341 TAILQ_ENTRY(kv) kv_entry; 342 343 RB_ENTRY(kv) kv_node; 344 345 /* A few pointers used by the rule actions */ 346 struct kv *kv_match; 347 struct kvtree *kv_matchtree; 348 349 TAILQ_ENTRY(kv) kv_match_entry; 350 TAILQ_ENTRY(kv) kv_rule_entry; 351 TAILQ_ENTRY(kv) kv_action_entry; 352 }; 353 354 struct portrange { 355 in_port_t val[2]; 356 u_int8_t op; 357 }; 358 359 struct address { 360 objid_t rdrid; 361 struct sockaddr_storage ss; 362 int ipproto; 363 struct portrange port; 364 char ifname[IFNAMSIZ]; 365 TAILQ_ENTRY(address) entry; 366 }; 367 TAILQ_HEAD(addresslist, address); 368 369 union hashkey { 370 /* Simplified version of pf_poolhashkey */ 371 u_int32_t data[4]; 372 SIPHASH_KEY siphashkey; 373 }; 374 375 #define F_DISABLE 0x00000001 376 #define F_BACKUP 0x00000002 377 #define F_USED 0x00000004 378 #define F_DOWN 0x00000008 379 #define F_ADD 0x00000010 380 #define F_DEL 0x00000020 381 #define F_CHANGED 0x00000040 382 #define F_STICKY 0x00000080 383 #define F_CHECK_DONE 0x00000100 384 #define F_ACTIVE_RULESET 0x00000200 385 #define F_CHECK_SENT 0x00000400 386 #define F_TLS 0x00000800 387 #define F_NATLOOK 0x00001000 388 #define F_DEMOTE 0x00002000 389 #define F_LOOKUP_PATH 0x00004000 390 #define F_DEMOTED 0x00008000 391 #define F_UDP 0x00010000 392 #define F_RETURN 0x00020000 393 #define F_AGENTX 0x00040000 394 #define F_NEEDPF 0x00080000 395 #define F_PORT 0x00100000 396 #define F_TLSCLIENT 0x00200000 397 #define F_NEEDRT 0x00400000 398 #define F_MATCH 0x00800000 399 #define F_DIVERT 0x01000000 400 #define F_SCRIPT 0x02000000 401 #define F_TLSINSPECT 0x04000000 402 #define F_HASHKEY 0x08000000 403 #define F_AGENTX_TRAPONLY 0x10000000 404 #define F_PFLOG 0x20000000 405 406 #define F_BITS \ 407 "\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \ 408 "\10STICKY-ADDRESS\11CHECK_DONE\12ACTIVE_RULESET\13CHECK_SENT" \ 409 "\14TLS\15NAT_LOOKUP\16DEMOTE\17LOOKUP_PATH\20DEMOTED\21UDP" \ 410 "\22RETURN\23TRAP\24NEEDPF\25PORT\26TLS_CLIENT\27NEEDRT" \ 411 "\30MATCH\31DIVERT\32SCRIPT\33TLS_INSPECT\34HASHKEY" \ 412 "\35AGENTX_TRAPONLY" 413 414 enum forwardmode { 415 FWD_NORMAL = 0, 416 FWD_ROUTE, 417 FWD_TRANS 418 }; 419 420 struct host_config { 421 objid_t id; 422 objid_t parentid; 423 objid_t tableid; 424 int retry; 425 char name[HOST_NAME_MAX+1]; 426 struct sockaddr_storage ss; 427 int ttl; 428 int priority; 429 }; 430 431 struct host { 432 TAILQ_ENTRY(host) entry; 433 TAILQ_ENTRY(host) globalentry; 434 SLIST_ENTRY(host) child; 435 SLIST_HEAD(,host) children; 436 struct host_config conf; 437 u_int32_t flags; 438 char *tablename; 439 int up; 440 int last_up; 441 u_long check_cnt; 442 u_long up_cnt; 443 int retry_cnt; 444 int idx; 445 u_int16_t he; 446 int code; 447 struct ctl_tcp_event cte; 448 }; 449 TAILQ_HEAD(hostlist, host); 450 451 enum host_error { 452 HCE_NONE = 0, 453 HCE_ABORT, 454 HCE_INTERVAL_TIMEOUT, 455 HCE_ICMP_OK, 456 HCE_ICMP_READ_TIMEOUT, 457 HCE_ICMP_WRITE_TIMEOUT, 458 HCE_TCP_SOCKET_ERROR, 459 HCE_TCP_SOCKET_LIMIT, 460 HCE_TCP_SOCKET_OPTION, 461 HCE_TCP_CONNECT_FAIL, 462 HCE_TCP_CONNECT_TIMEOUT, 463 HCE_TCP_CONNECT_OK, 464 HCE_TCP_WRITE_TIMEOUT, 465 HCE_TCP_WRITE_FAIL, 466 HCE_TCP_READ_TIMEOUT, 467 HCE_TCP_READ_FAIL, 468 HCE_SCRIPT_OK, 469 HCE_SCRIPT_FAIL, 470 HCE_TLS_CONNECT_ERROR, 471 HCE_TLS_CONNECT_FAIL, 472 HCE_TLS_CONNECT_OK, 473 HCE_TLS_CONNECT_TIMEOUT, 474 HCE_TLS_READ_TIMEOUT, 475 HCE_TLS_WRITE_TIMEOUT, 476 HCE_TLS_READ_ERROR, 477 HCE_TLS_WRITE_ERROR, 478 HCE_SEND_EXPECT_FAIL, 479 HCE_SEND_EXPECT_OK, 480 HCE_HTTP_CODE_ERROR, 481 HCE_HTTP_CODE_FAIL, 482 HCE_HTTP_CODE_OK, 483 HCE_HTTP_DIGEST_ERROR, 484 HCE_HTTP_DIGEST_FAIL, 485 HCE_HTTP_DIGEST_OK, 486 }; 487 488 enum host_status { 489 HOST_DOWN = -1, 490 HOST_UNKNOWN = 0, 491 HOST_UP = 1 492 }; 493 #define HOST_ISUP(x) (x == HOST_UP) 494 495 struct table_config { 496 objid_t id; 497 objid_t rdrid; 498 u_int32_t flags; 499 int check; 500 char demote_group[IFNAMSIZ]; 501 char ifname[IFNAMSIZ]; 502 struct timeval timeout; 503 in_port_t port; 504 int retcode; 505 int skip_cnt; 506 char name[TABLE_NAME_SIZE]; 507 size_t name_len; 508 char path[PATH_MAX]; 509 unsigned char exbinbuf[128]; 510 char exbuf[256]; 511 char digest[41]; /* length of sha1 digest * 2 */ 512 u_int8_t digest_type; 513 enum forwardmode fwdmode; 514 }; 515 516 struct table { 517 TAILQ_ENTRY(table) entry; 518 struct table_config conf; 519 int up; 520 int skipped; 521 struct hostlist hosts; 522 struct tls_config *tls_cfg; 523 struct ibuf *sendbinbuf; 524 char *sendbuf; 525 }; 526 TAILQ_HEAD(tablelist, table); 527 528 enum table_check { 529 CHECK_NOCHECK = 0, 530 CHECK_ICMP = 1, 531 CHECK_TCP = 2, 532 CHECK_HTTP_CODE = 3, 533 CHECK_HTTP_DIGEST = 4, 534 CHECK_BINSEND_EXPECT = 5, 535 CHECK_SEND_EXPECT = 6, 536 CHECK_SCRIPT = 7 537 }; 538 539 struct rdr_config { 540 objid_t id; 541 u_int32_t flags; 542 in_port_t port; 543 objid_t table_id; 544 objid_t backup_id; 545 int mode; 546 union hashkey key; 547 char name[PF_TABLE_NAME_SIZE]; 548 char tag[PF_TAG_NAME_SIZE]; 549 struct timeval timeout; 550 }; 551 552 struct rdr { 553 TAILQ_ENTRY(rdr) entry; 554 struct rdr_config conf; 555 struct addresslist virts; 556 struct table *table; 557 struct table *backup; /* use this if no host up */ 558 struct ctl_stats stats; 559 }; 560 TAILQ_HEAD(rdrlist, rdr); 561 562 struct rsession { 563 objid_t se_id; 564 objid_t se_relayid; 565 struct sockaddr_storage se_sockname; 566 struct ctl_relay_event se_in; 567 struct ctl_relay_event se_out; 568 void *se_priv; 569 SIPHASH_CTX se_siphashctx; 570 struct relay_table *se_table; 571 struct relay_table *se_table0; 572 struct event se_ev; 573 struct timeval se_timeout; 574 struct timeval se_tv_start; 575 struct timeval se_tv_last; 576 struct event se_inflightevt; 577 int se_done; 578 int se_retry; 579 int se_retrycount; 580 int se_connectcount; 581 int se_haslog; 582 struct evbuffer *se_log; 583 struct relay *se_relay; 584 struct ctl_natlook *se_cnl; 585 int se_bnds; 586 u_int16_t se_tag; 587 u_int16_t se_label; 588 589 int se_cid; 590 pid_t se_pid; 591 SPLAY_ENTRY(rsession) se_nodes; 592 TAILQ_ENTRY(rsession) se_entry; 593 }; 594 SPLAY_HEAD(session_tree, rsession); 595 TAILQ_HEAD(sessionlist, rsession); 596 597 enum prototype { 598 RELAY_PROTO_TCP = 0, 599 RELAY_PROTO_HTTP, 600 RELAY_PROTO_DNS 601 }; 602 603 enum relay_result { 604 RES_DROP = 0, 605 RES_PASS = 1, 606 RES_FAIL = -1, 607 RES_BAD = -2, 608 RES_INTERNAL = -3 609 }; 610 611 enum rule_action { 612 RULE_ACTION_MATCH = 0, 613 RULE_ACTION_PASS, 614 RULE_ACTION_BLOCK 615 }; 616 617 struct rule_addr { 618 struct sockaddr_storage addr; 619 u_int8_t addr_mask; 620 int addr_port; 621 }; 622 623 #define RELAY_ADDR_EQ(_a, _b) \ 624 ((_a)->addr_mask == (_b)->addr_mask && \ 625 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 626 (struct sockaddr *)&(_b)->addr, (_a)->addr_mask) == 0) 627 628 #define RELAY_ADDR_CMP(_a, _b) \ 629 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 630 (struct sockaddr *)(_b), (_a)->addr_mask) 631 632 #define RELAY_ADDR_NEQ(_a, _b) \ 633 ((_a)->addr_mask != (_b)->addr_mask || \ 634 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 635 (struct sockaddr *)&(_b)->addr, (_a)->addr_mask) != 0) 636 637 #define RELAY_AF_NEQ(_a, _b) \ 638 (((_a) != AF_UNSPEC) && ((_b) != AF_UNSPEC) && \ 639 ((_a) != (_b))) 640 641 struct relay_rule { 642 objid_t rule_id; 643 objid_t rule_protoid; 644 645 u_int rule_action; 646 #define RULE_SKIP_PROTO 0 647 #define RULE_SKIP_DIR 1 648 #define RULE_SKIP_AF 2 649 #define RULE_SKIP_SRC 3 650 #define RULE_SKIP_DST 4 651 #define RULE_SKIP_METHOD 5 652 #define RULE_SKIP_COUNT 6 653 struct relay_rule *rule_skip[RULE_SKIP_COUNT]; 654 655 #define RULE_FLAG_QUICK 0x01 656 u_int8_t rule_flags; 657 658 int rule_label; 659 int rule_tag; 660 int rule_tagged; 661 enum direction rule_dir; 662 u_int rule_proto; 663 int rule_af; 664 struct rule_addr rule_src; 665 struct rule_addr rule_dst; 666 struct relay_table *rule_table; 667 668 u_int rule_method; 669 char rule_labelname[LABEL_NAME_SIZE]; 670 char rule_tablename[TABLE_NAME_SIZE]; 671 char rule_taggedname[TAG_NAME_SIZE]; 672 char rule_tagname[TAG_NAME_SIZE]; 673 674 struct ctl_rule rule_ctl; 675 struct kv rule_kv[KEY_TYPE_MAX]; 676 struct kvlist rule_kvlist; 677 678 TAILQ_ENTRY(relay_rule) rule_entry; 679 }; 680 TAILQ_HEAD(relay_rules, relay_rule); 681 682 #define TCPFLAG_NODELAY 0x01 683 #define TCPFLAG_NNODELAY 0x02 684 #define TCPFLAG_SACK 0x04 685 #define TCPFLAG_NSACK 0x08 686 #define TCPFLAG_BUFSIZ 0x10 687 #define TCPFLAG_IPTTL 0x20 688 #define TCPFLAG_IPMINTTL 0x40 689 #define TCPFLAG_NSPLICE 0x80 690 #define TCPFLAG_DEFAULT 0x00 691 692 #define TCPFLAG_BITS \ 693 "\10\01NODELAY\02NO_NODELAY\03SACK\04NO_SACK" \ 694 "\05SOCKET_BUFFER_SIZE\06IP_TTL\07IP_MINTTL\10NO_SPLICE" 695 696 #define TLSFLAG_SSLV3 0x01 697 #define TLSFLAG_TLSV1_0 0x02 698 #define TLSFLAG_TLSV1_1 0x04 699 #define TLSFLAG_TLSV1_2 0x08 700 #define TLSFLAG_TLSV1_3 0x10 701 #define TLSFLAG_TLSV1 0x1e 702 #define TLSFLAG_VERSION 0x1f 703 #define TLSFLAG_CIPHER_SERVER_PREF 0x20 704 #define TLSFLAG_CLIENT_RENEG 0x40 705 #define TLSFLAG_DEFAULT \ 706 (TLSFLAG_TLSV1_2|TLSFLAG_TLSV1_3|TLSFLAG_CIPHER_SERVER_PREF) 707 708 #define TLSFLAG_BITS \ 709 "\06\01sslv3\02tlsv1.0\03tlsv1.1\04tlsv1.2\05tlsv1.3" \ 710 "\06cipher-server-preference\07client-renegotiation" 711 712 #define TLSCIPHERS_DEFAULT "HIGH:!aNULL" 713 #define TLSECDHECURVES_DEFAULT "default" 714 #define TLSDHPARAM_DEFAULT "none" 715 716 struct relay_ticket_key { 717 uint32_t tt_keyrev; 718 unsigned char tt_key[TLS_TICKET_KEY_SIZE]; 719 }; 720 #define TLS_SESSION_LIFETIME (2 * 3600) 721 722 #define HTTPFLAG_WEBSOCKETS 0x01 723 724 struct keyname { 725 TAILQ_ENTRY(keyname) entry; 726 char *name; 727 }; 728 TAILQ_HEAD(keynamelist, keyname); 729 730 struct protocol { 731 objid_t id; 732 u_int32_t flags; 733 u_int8_t tcpflags; 734 int tcpbufsiz; 735 int tcpbacklog; 736 u_int8_t tcpipttl; 737 u_int8_t tcpipminttl; 738 size_t httpheaderlen; 739 int httpflags; 740 u_int8_t tlsflags; 741 char tlsciphers[768]; 742 char tlsdhparams[128]; 743 char tlsecdhecurves[128]; 744 char tlsca[PATH_MAX]; 745 char tlscacert[PATH_MAX]; 746 char tlscakey[PATH_MAX]; 747 char *tlscapass; 748 char tlsclientca[PATH_MAX]; 749 struct keynamelist tlscerts; 750 char name[MAX_NAME_SIZE]; 751 int tickets; 752 enum prototype type; 753 char *style; 754 755 int (*cmp)(struct rsession *, struct rsession *); 756 void *(*validate)(struct rsession *, struct relay *, 757 struct sockaddr_storage *, 758 u_int8_t *, size_t); 759 int (*request)(struct rsession *); 760 void (*close)(struct rsession *); 761 762 struct relay_rules rules; 763 int rulecount; 764 765 TAILQ_ENTRY(protocol) entry; 766 }; 767 TAILQ_HEAD(protolist, protocol); 768 769 struct relay_table { 770 struct table *rlt_table; 771 u_int32_t rlt_flags; 772 int rlt_mode; 773 u_int32_t rlt_index; 774 struct host *rlt_host[RELAY_MAXHOSTS]; 775 int rlt_nhosts; 776 TAILQ_ENTRY(relay_table) rlt_entry; 777 }; 778 TAILQ_HEAD(relaytables, relay_table); 779 780 struct ca_pkey { 781 char pkey_hash[TLS_CERT_HASH_SIZE]; 782 EVP_PKEY *pkey; 783 TAILQ_ENTRY(ca_pkey) pkey_entry; 784 }; 785 TAILQ_HEAD(ca_pkeylist, ca_pkey); 786 787 struct relay_cert { 788 objid_t cert_id; 789 objid_t cert_relayid; 790 int cert_fd; 791 int cert_key_fd; 792 int cert_ocsp_fd; 793 EVP_PKEY *cert_pkey; 794 TAILQ_ENTRY(relay_cert) cert_entry; 795 }; 796 TAILQ_HEAD(relaycertlist, relay_cert); 797 798 struct relay_config { 799 objid_t id; 800 u_int32_t flags; 801 objid_t proto; 802 char name[HOST_NAME_MAX+1]; 803 in_port_t port; 804 in_port_t dstport; 805 int dstretry; 806 struct sockaddr_storage ss; 807 struct sockaddr_storage dstss; 808 struct sockaddr_storage dstaf; 809 struct timeval timeout; 810 enum forwardmode fwdmode; 811 union hashkey hashkey; 812 off_t tls_cakey_len; 813 }; 814 815 struct relay { 816 TAILQ_ENTRY(relay) rl_entry; 817 struct relay_config rl_conf; 818 819 int rl_up; 820 struct protocol *rl_proto; 821 int rl_s; 822 struct bufferevent *rl_bev; 823 824 int rl_dsts; 825 struct bufferevent *rl_dstbev; 826 827 struct relaytables rl_tables; 828 829 struct event rl_ev; 830 struct event rl_evt; 831 832 struct tls_config *rl_tls_cfg; 833 struct tls_config *rl_tls_client_cfg; 834 struct tls *rl_tls_ctx; 835 836 int rl_tls_ca_fd; 837 int rl_tls_cacert_fd; 838 int rl_tls_client_ca_fd; 839 EVP_PKEY *rl_tls_pkey; 840 X509 *rl_tls_cacertx509; 841 char *rl_tls_cakey; 842 EVP_PKEY *rl_tls_capkey; 843 844 struct ctl_stats rl_stats[PROC_MAX_INSTANCES + 1]; 845 846 struct session_tree rl_sessions; 847 }; 848 TAILQ_HEAD(relaylist, relay); 849 850 enum dstmode { 851 RELAY_DSTMODE_LOADBALANCE = 0, 852 RELAY_DSTMODE_ROUNDROBIN, 853 RELAY_DSTMODE_HASH, 854 RELAY_DSTMODE_SRCHASH, 855 RELAY_DSTMODE_LEASTSTATES, 856 RELAY_DSTMODE_RANDOM 857 }; 858 #define RELAY_DSTMODE_DEFAULT RELAY_DSTMODE_ROUNDROBIN 859 860 struct netroute_config { 861 objid_t id; 862 struct sockaddr_storage ss; 863 int prefixlen; 864 objid_t routerid; 865 }; 866 867 struct netroute { 868 struct netroute_config nr_conf; 869 870 TAILQ_ENTRY(netroute) nr_entry; 871 TAILQ_ENTRY(netroute) nr_route; 872 873 struct router *nr_router; 874 }; 875 TAILQ_HEAD(netroutelist, netroute); 876 877 struct router_config { 878 objid_t id; 879 u_int32_t flags; 880 char name[HOST_NAME_MAX+1]; 881 char label[RT_LABEL_SIZE]; 882 int nroutes; 883 objid_t gwtable; 884 in_port_t gwport; 885 int rtable; 886 int af; 887 }; 888 889 struct router { 890 struct router_config rt_conf; 891 892 struct table *rt_gwtable; 893 struct netroutelist rt_netroutes; 894 895 TAILQ_ENTRY(router) rt_entry; 896 }; 897 TAILQ_HEAD(routerlist, router); 898 899 struct ctl_netroute { 900 int up; 901 struct host_config host; 902 struct netroute_config nr; 903 struct router_config rt; 904 }; 905 906 /* initially control.h */ 907 struct control_sock { 908 const char *cs_name; 909 struct event cs_ev; 910 struct event cs_evt; 911 int cs_fd; 912 int cs_restricted; 913 void *cs_env; 914 915 TAILQ_ENTRY(control_sock) cs_entry; 916 }; 917 TAILQ_HEAD(control_socks, control_sock); 918 919 struct imsgev { 920 struct imsgbuf ibuf; 921 void (*handler)(int, short, void *); 922 struct event ev; 923 struct privsep_proc *proc; 924 void *data; 925 short events; 926 }; 927 928 #define IMSG_SIZE_CHECK(imsg, p) do { \ 929 if (IMSG_DATA_SIZE(imsg) < sizeof(*p)) \ 930 fatalx("bad length imsg received"); \ 931 } while (0) 932 #define IMSG_DATA_SIZE(imsg) ((imsg)->hdr.len - IMSG_HEADER_SIZE) 933 934 struct ctl_conn { 935 TAILQ_ENTRY(ctl_conn) entry; 936 u_int8_t flags; 937 u_int waiting; 938 #define CTL_CONN_NOTIFY 0x01 939 struct imsgev iev; 940 941 }; 942 TAILQ_HEAD(ctl_connlist, ctl_conn); 943 944 enum imsg_type { 945 IMSG_NONE, 946 IMSG_CTL_OK, /* answer to relayctl requests */ 947 IMSG_CTL_FAIL, 948 IMSG_CTL_VERBOSE, 949 IMSG_CTL_PROCFD, 950 IMSG_CTL_END, 951 IMSG_CTL_RDR, 952 IMSG_CTL_TABLE, 953 IMSG_CTL_HOST, 954 IMSG_CTL_RELAY, 955 IMSG_CTL_SESSION, 956 IMSG_CTL_ROUTER, 957 IMSG_CTL_NETROUTE, 958 IMSG_CTL_TABLE_CHANGED, 959 IMSG_CTL_PULL_RULESET, 960 IMSG_CTL_PUSH_RULESET, 961 IMSG_CTL_SHOW_SUM, /* relayctl requests */ 962 IMSG_CTL_RDR_ENABLE, 963 IMSG_CTL_RDR_DISABLE, 964 IMSG_CTL_TABLE_ENABLE, 965 IMSG_CTL_TABLE_DISABLE, 966 IMSG_CTL_HOST_ENABLE, 967 IMSG_CTL_HOST_DISABLE, 968 IMSG_CTL_SHUTDOWN, 969 IMSG_CTL_START, 970 IMSG_CTL_RELOAD, 971 IMSG_CTL_RESET, 972 IMSG_CTL_POLL, 973 IMSG_CTL_NOTIFY, 974 IMSG_CTL_RDR_STATS, 975 IMSG_CTL_RELAY_STATS, 976 IMSG_RDR_ENABLE, /* notifies from pfe to hce */ 977 IMSG_RDR_DISABLE, 978 IMSG_TABLE_ENABLE, 979 IMSG_TABLE_DISABLE, 980 IMSG_HOST_ENABLE, 981 IMSG_HOST_DISABLE, 982 IMSG_HOST_STATUS, /* notifies from hce to pfe */ 983 IMSG_SYNC, 984 IMSG_NATLOOK, 985 IMSG_DEMOTE, 986 IMSG_STATISTICS, 987 IMSG_SCRIPT, 988 IMSG_AGENTXSOCK, 989 IMSG_BINDANY, 990 IMSG_RTMSG, /* from pfe to parent */ 991 IMSG_CFG_TABLE, /* configuration from parent */ 992 IMSG_CFG_HOST, 993 IMSG_CFG_RDR, 994 IMSG_CFG_VIRT, 995 IMSG_CFG_ROUTER, 996 IMSG_CFG_ROUTE, 997 IMSG_CFG_PROTO, 998 IMSG_CFG_RULE, 999 IMSG_CFG_RELAY, 1000 IMSG_CFG_RELAY_TABLE, 1001 IMSG_CFG_RELAY_CERT, 1002 IMSG_CFG_RELAY_FD, 1003 IMSG_CFG_DONE, 1004 IMSG_CA_PRIVENC, 1005 IMSG_CA_PRIVDEC, 1006 IMSG_SESS_PUBLISH, /* from relay to pfe */ 1007 IMSG_SESS_UNPUBLISH, 1008 IMSG_TLSTICKET_REKEY 1009 }; 1010 1011 enum privsep_procid { 1012 PROC_ALL = -1, 1013 PROC_PARENT = 0, 1014 PROC_HCE, 1015 PROC_RELAY, 1016 PROC_PFE, 1017 PROC_CA, 1018 PROC_MAX 1019 }; 1020 extern enum privsep_procid privsep_process; 1021 1022 /* Attach the control socket to the following process */ 1023 #define PROC_CONTROL PROC_PFE 1024 1025 struct privsep_pipes { 1026 int *pp_pipes[PROC_MAX]; 1027 }; 1028 1029 struct privsep { 1030 struct privsep_pipes *ps_pipes[PROC_MAX]; 1031 struct privsep_pipes *ps_pp; 1032 1033 struct imsgev *ps_ievs[PROC_MAX]; 1034 const char *ps_title[PROC_MAX]; 1035 u_int8_t ps_what[PROC_MAX]; 1036 1037 u_int ps_instances[PROC_MAX]; 1038 u_int ps_instance; 1039 1040 struct control_sock ps_csock; 1041 struct control_socks ps_rcsocks; 1042 1043 /* Event and signal handlers */ 1044 struct event ps_evsigint; 1045 struct event ps_evsigterm; 1046 struct event ps_evsigchld; 1047 struct event ps_evsighup; 1048 struct event ps_evsigpipe; 1049 struct event ps_evsigusr1; 1050 1051 int ps_noaction; 1052 struct passwd *ps_pw; 1053 struct relayd *ps_env; 1054 }; 1055 1056 struct privsep_proc { 1057 const char *p_title; 1058 enum privsep_procid p_id; 1059 int (*p_cb)(int, struct privsep_proc *, 1060 struct imsg *); 1061 void (*p_init)(struct privsep *, 1062 struct privsep_proc *); 1063 const char *p_chroot; 1064 struct privsep *p_ps; 1065 void (*p_shutdown)(void); 1066 struct passwd *p_pw; 1067 }; 1068 1069 struct privsep_fd { 1070 enum privsep_procid pf_procid; 1071 unsigned int pf_instance; 1072 }; 1073 1074 struct relayd_config { 1075 char tls_sid[SSL_MAX_SID_CTX_LENGTH]; 1076 char agentx_path[sizeof(((struct sockaddr_un *)NULL)->sun_path)]; 1077 char agentx_context[32]; 1078 struct timeval interval; 1079 struct timeval timeout; 1080 struct timeval statinterval; 1081 u_int16_t prefork_relay; 1082 u_int16_t opts; 1083 u_int32_t flags; 1084 }; 1085 1086 struct pfdata { 1087 int dev; 1088 struct pf_anchor *anchor; 1089 struct pfioc_trans pft; 1090 struct pfioc_trans_e pfte; 1091 u_int8_t pfused; 1092 }; 1093 1094 struct relayd { 1095 struct relayd_config sc_conf; 1096 const char *sc_conffile; 1097 struct pfdata *sc_pf; 1098 int sc_rtsock; 1099 int sc_rtseq; 1100 int sc_tablecount; 1101 int sc_rdrcount; 1102 int sc_protocount; 1103 int sc_relaycount; 1104 int sc_routercount; 1105 int sc_routecount; 1106 struct table sc_empty_table; 1107 struct protocol sc_proto_default; 1108 struct event sc_ev; 1109 struct tablelist *sc_tables; 1110 struct hostlist sc_hosts; 1111 struct rdrlist *sc_rdrs; 1112 struct protolist *sc_protos; 1113 struct relaylist *sc_relays; 1114 struct routerlist *sc_rts; 1115 struct netroutelist *sc_routes; 1116 struct ca_pkeylist *sc_pkeys; 1117 struct relaycertlist *sc_certs; 1118 struct sessionlist sc_sessions; 1119 char sc_demote_group[IFNAMSIZ]; 1120 u_int16_t sc_id; 1121 int sc_rtable; 1122 1123 struct event sc_statev; 1124 1125 struct event sc_agentxev; 1126 1127 int sc_has_icmp; 1128 int sc_has_icmp6; 1129 struct ctl_icmp_event sc_icmp_send; 1130 struct ctl_icmp_event sc_icmp_recv; 1131 struct ctl_icmp_event sc_icmp6_send; 1132 struct ctl_icmp_event sc_icmp6_recv; 1133 1134 struct relay_ticket_key sc_ticket; 1135 1136 struct privsep *sc_ps; 1137 int sc_reload; 1138 }; 1139 1140 #define RELAYD_OPT_VERBOSE 0x01 1141 #define RELAYD_OPT_NOACTION 0x04 1142 #define RELAYD_OPT_LOGUPDATE 0x08 1143 #define RELAYD_OPT_LOGHOSTCHECK 0x10 1144 #define RELAYD_OPT_LOGCON 0x20 1145 #define RELAYD_OPT_LOGCONERR 0x40 1146 1147 /* control.c */ 1148 int control_init(struct privsep *, struct control_sock *); 1149 int control_listen(struct control_sock *); 1150 void control_cleanup(struct control_sock *); 1151 void control_dispatch_imsg(int, short, void *); 1152 void control_imsg_forward(struct privsep *ps, struct imsg *); 1153 struct ctl_conn * 1154 control_connbyfd(int); 1155 1156 /* parse.y */ 1157 int parse_config(const char *, struct relayd *); 1158 int load_config(const char *, struct relayd *); 1159 int cmdline_symset(char *); 1160 1161 /* util.c */ 1162 const char *host_error(enum host_error); 1163 const char *host_status(enum host_status); 1164 const char *table_check(enum table_check); 1165 #ifdef DEBUG 1166 const char *relay_state(enum relay_state); 1167 #endif 1168 const char *print_availability(u_long, u_long); 1169 const char *print_host(struct sockaddr_storage *, char *, size_t); 1170 const char *print_time(struct timeval *, struct timeval *, char *, size_t); 1171 const char *printb_flags(const u_int32_t, const char *); 1172 void getmonotime(struct timeval *); 1173 struct ibuf *string2binary(const char *); 1174 void print_hex(uint8_t *, off_t, size_t); 1175 void print_debug(const char *, ...); 1176 1177 /* pfe.c */ 1178 void pfe(struct privsep *, struct privsep_proc *); 1179 void show(struct ctl_conn *); 1180 void show_sessions(struct ctl_conn *); 1181 int enable_rdr(struct ctl_conn *, struct ctl_id *); 1182 int enable_table(struct ctl_conn *, struct ctl_id *); 1183 int enable_host(struct ctl_conn *, struct ctl_id *, struct host *); 1184 int disable_rdr(struct ctl_conn *, struct ctl_id *); 1185 int disable_table(struct ctl_conn *, struct ctl_id *); 1186 int disable_host(struct ctl_conn *, struct ctl_id *, struct host *); 1187 1188 /* pfe_filter.c */ 1189 void init_tables(struct relayd *); 1190 void flush_table(struct relayd *, struct rdr *); 1191 void sync_table(struct relayd *, struct rdr *, struct table *); 1192 void sync_ruleset(struct relayd *, struct rdr *, int); 1193 void flush_rulesets(struct relayd *); 1194 int natlook(struct relayd *, struct ctl_natlook *); 1195 u_int64_t 1196 check_table(struct relayd *, struct rdr *, struct table *); 1197 1198 /* pfe_route.c */ 1199 void init_routes(struct relayd *); 1200 void sync_routes(struct relayd *, struct router *); 1201 int pfe_route(struct relayd *, struct ctl_netroute *); 1202 1203 /* hce.c */ 1204 void hce(struct privsep *, struct privsep_proc *); 1205 void hce_notify_done(struct host *, enum host_error); 1206 1207 /* relay.c */ 1208 void relay(struct privsep *, struct privsep_proc *); 1209 int relay_privinit(struct relay *); 1210 int relay_session_cmp(struct rsession *, struct rsession *); 1211 void relay_close(struct rsession *, const char *, int); 1212 int relay_reset_event(struct rsession *, struct ctl_relay_event *); 1213 void relay_natlook(int, short, void *); 1214 void relay_session(struct rsession *); 1215 int relay_from_table(struct rsession *); 1216 int relay_socket_af(struct sockaddr_storage *, in_port_t); 1217 in_port_t 1218 relay_socket_getport(struct sockaddr_storage *); 1219 int relay_cmp_af(struct sockaddr_storage *, 1220 struct sockaddr_storage *); 1221 void relay_write(struct bufferevent *, void *); 1222 void relay_read(struct bufferevent *, void *); 1223 int relay_splice(struct ctl_relay_event *); 1224 int relay_splicelen(struct ctl_relay_event *); 1225 int relay_spliceadjust(struct ctl_relay_event *); 1226 void relay_error(struct bufferevent *, short, void *); 1227 int relay_preconnect(struct rsession *); 1228 int relay_connect(struct rsession *); 1229 void relay_connected(int, short, void *); 1230 void relay_bindanyreq(struct rsession *, in_port_t, int); 1231 void relay_bindany(int, short, void *); 1232 void relay_dump(struct ctl_relay_event *, const void *, size_t); 1233 int relay_bufferevent_add(struct event *, int); 1234 int relay_bufferevent_print(struct ctl_relay_event *, const char *); 1235 int relay_bufferevent_write_buffer(struct ctl_relay_event *, 1236 struct evbuffer *); 1237 int relay_bufferevent_write_chunk(struct ctl_relay_event *, 1238 struct evbuffer *, size_t); 1239 int relay_bufferevent_write(struct ctl_relay_event *, 1240 void *, size_t); 1241 int relay_test(struct protocol *, struct ctl_relay_event *); 1242 void relay_calc_skip_steps(struct relay_rules *); 1243 void relay_match(struct kvlist *, struct kv *, struct kv *, 1244 struct kvtree *); 1245 void relay_session_publish(struct rsession *); 1246 void relay_session_unpublish(struct rsession *); 1247 1248 SPLAY_PROTOTYPE(session_tree, rsession, se_nodes, relay_session_cmp); 1249 1250 /* relay_http.c */ 1251 void relay_http(struct relayd *); 1252 void relay_http_init(struct relay *); 1253 void relay_abort_http(struct rsession *, u_int, const char *, 1254 u_int16_t); 1255 void relay_read_http(struct bufferevent *, void *); 1256 void relay_close_http(struct rsession *); 1257 u_int relay_httpmethod_byname(const char *); 1258 const char 1259 *relay_httpmethod_byid(u_int); 1260 const char 1261 *relay_httperror_byid(u_int); 1262 int relay_http_priv_init(struct rsession *); 1263 int relay_httpdesc_init(struct ctl_relay_event *); 1264 ssize_t relay_http_time(time_t, char *, size_t); 1265 1266 /* relay_udp.c */ 1267 void relay_udp_privinit(struct relay *); 1268 void relay_udp_init(struct relayd *, struct relay *); 1269 int relay_udp_bind(struct sockaddr_storage *, in_port_t, 1270 struct protocol *); 1271 void relay_udp_server(int, short, void *); 1272 1273 /* check_icmp.c */ 1274 void icmp_init(struct relayd *); 1275 void schedule_icmp(struct relayd *, struct host *); 1276 void check_icmp(struct relayd *, struct timeval *); 1277 1278 /* check_tcp.c */ 1279 void check_tcp(struct ctl_tcp_event *); 1280 1281 /* check_tls.c */ 1282 void check_tls(struct ctl_tcp_event *); 1283 1284 /* check_script.c */ 1285 void check_script(struct relayd *, struct host *); 1286 void script_done(struct relayd *, struct ctl_script *); 1287 int script_exec(struct relayd *, struct ctl_script *); 1288 1289 /* ssl.c */ 1290 char *ssl_load_key(struct relayd *, const char *, off_t *, char *); 1291 uint8_t *ssl_update_certificate(const uint8_t *, size_t, EVP_PKEY *, 1292 EVP_PKEY *, X509 *, size_t *); 1293 int ssl_load_pkey(char *, off_t, X509 **, EVP_PKEY **); 1294 1295 /* ca.c */ 1296 void ca(struct privsep *, struct privsep_proc *); 1297 void ca_engine_init(struct relayd *); 1298 void hash_x509(X509 *cert, char *hash, size_t hashlen); 1299 1300 /* relayd.c */ 1301 struct host *host_find(struct relayd *, objid_t); 1302 struct table *table_find(struct relayd *, objid_t); 1303 struct rdr *rdr_find(struct relayd *, objid_t); 1304 struct netroute *route_find(struct relayd *, objid_t); 1305 struct router *router_find(struct relayd *, objid_t); 1306 struct host *host_findbyname(struct relayd *, const char *); 1307 struct table *table_findbyname(struct relayd *, const char *); 1308 struct table *table_findbyconf(struct relayd *, struct table *); 1309 struct rdr *rdr_findbyname(struct relayd *, const char *); 1310 void event_again(struct event *, int, short, 1311 void (*)(int, short, void *), 1312 struct timeval *, struct timeval *, void *); 1313 struct relay *relay_find(struct relayd *, objid_t); 1314 struct protocol *proto_find(struct relayd *, objid_t); 1315 struct rsession *session_find(struct relayd *, objid_t); 1316 struct relay *relay_findbyname(struct relayd *, const char *); 1317 struct relay *relay_findbyaddr(struct relayd *, struct relay_config *); 1318 EVP_PKEY *pkey_find(struct relayd *, char *hash); 1319 struct ca_pkey *pkey_add(struct relayd *, EVP_PKEY *, char *hash); 1320 struct relay_cert *cert_add(struct relayd *, objid_t); 1321 struct relay_cert *cert_find(struct relayd *, objid_t); 1322 char *relay_load_fd(int, off_t *); 1323 int relay_load_certfiles(struct relayd *, struct relay *, 1324 const char *); 1325 int expand_string(char *, size_t, const char *, const char *); 1326 void translate_string(char *); 1327 void purge_key(char **, off_t); 1328 void purge_table(struct relayd *, struct tablelist *, 1329 struct table *); 1330 void purge_relay(struct relayd *, struct relay *); 1331 char *digeststr(enum digest_type, const u_int8_t *, size_t, char *); 1332 const char *canonicalize_host(const char *, char *, size_t); 1333 int parse_url(const char *, char **, char **, char **); 1334 int map6to4(struct sockaddr_storage *); 1335 int map4to6(struct sockaddr_storage *, struct sockaddr_storage *); 1336 void imsg_event_add(struct imsgev *); 1337 int imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t, 1338 pid_t, int, void *, u_int16_t); 1339 void socket_rlimit(int); 1340 char *get_string(u_int8_t *, size_t); 1341 void *get_data(u_int8_t *, size_t); 1342 int sockaddr_cmp(struct sockaddr *, struct sockaddr *, int); 1343 struct in6_addr *prefixlen2mask6(u_int8_t, u_int32_t *); 1344 u_int32_t prefixlen2mask(u_int8_t); 1345 int accept_reserve(int, struct sockaddr *, socklen_t *, int, 1346 volatile int *); 1347 struct kv *kv_add(struct kvtree *, char *, char *, int); 1348 int kv_set(struct kv *, char *, ...) 1349 __attribute__((__format__ (printf, 2, 3))); 1350 int kv_setkey(struct kv *, char *, ...) 1351 __attribute__((__format__ (printf, 2, 3))); 1352 void kv_delete(struct kvtree *, struct kv *); 1353 struct kv *kv_extend(struct kvtree *, struct kv *, char *); 1354 void kv_purge(struct kvtree *); 1355 void kv_free(struct kv *); 1356 struct kv *kv_inherit(struct kv *, struct kv *); 1357 void relay_log(struct rsession *, char *); 1358 int kv_log(struct rsession *, struct kv *, u_int16_t, 1359 enum direction); 1360 struct kv *kv_find(struct kvtree *, struct kv *); 1361 struct kv *kv_find_value(struct kvtree *, char *, const char *, 1362 const char *); 1363 int kv_cmp(struct kv *, struct kv *); 1364 int rule_add(struct protocol *, struct relay_rule *, const char 1365 *); 1366 void rule_delete(struct relay_rules *, struct relay_rule *); 1367 void rule_free(struct relay_rule *); 1368 struct relay_rule 1369 *rule_inherit(struct relay_rule *); 1370 void rule_settable(struct relay_rules *, struct relay_table *); 1371 RB_PROTOTYPE(kvtree, kv, kv_node, kv_cmp); 1372 1373 /* carp.c */ 1374 int carp_demote_init(char *, int); 1375 void carp_demote_shutdown(void); 1376 int carp_demote_get(char *); 1377 int carp_demote_set(char *, int); 1378 int carp_demote_reset(char *, int); 1379 1380 /* name2id.c */ 1381 u_int16_t label_name2id(const char *); 1382 const char *label_id2name(u_int16_t); 1383 void label_unref(u_int16_t); 1384 void label_ref(u_int16_t); 1385 u_int16_t tag_name2id(const char *); 1386 const char *tag_id2name(u_int16_t); 1387 void tag_unref(u_int16_t); 1388 void tag_ref(u_int16_t); 1389 1390 /* agentx_control.c */ 1391 void agentx_init(struct relayd *); 1392 void agentx_setsock(struct relayd *, enum privsep_procid); 1393 void agentx_getsock(struct imsg *); 1394 void snmp_hosttrap(struct relayd *, struct table *, struct host *); 1395 1396 /* shuffle.c */ 1397 void shuffle_init(struct shuffle *); 1398 u_int16_t shuffle_generate16(struct shuffle *); 1399 1400 /* log.c */ 1401 void log_init(int, int); 1402 void log_procinit(const char *); 1403 void log_setverbose(int); 1404 int log_getverbose(void); 1405 void log_warn(const char *, ...) 1406 __attribute__((__format__ (printf, 1, 2))); 1407 void log_warnx(const char *, ...) 1408 __attribute__((__format__ (printf, 1, 2))); 1409 void log_info(const char *, ...) 1410 __attribute__((__format__ (printf, 1, 2))); 1411 void log_debug(const char *, ...) 1412 __attribute__((__format__ (printf, 1, 2))); 1413 void logit(int, const char *, ...) 1414 __attribute__((__format__ (printf, 2, 3))); 1415 void vlog(int, const char *, va_list) 1416 __attribute__((__format__ (printf, 2, 0))); 1417 __dead void fatal(const char *, ...) 1418 __attribute__((__format__ (printf, 1, 2))); 1419 __dead void fatalx(const char *, ...) 1420 __attribute__((__format__ (printf, 1, 2))); 1421 1422 /* proc.c */ 1423 enum privsep_procid 1424 proc_getid(struct privsep_proc *, unsigned int, const char *); 1425 int proc_flush_imsg(struct privsep *, enum privsep_procid, int); 1426 void proc_init(struct privsep *, struct privsep_proc *, unsigned int, int, 1427 int, char **, enum privsep_procid); 1428 void proc_kill(struct privsep *); 1429 void proc_connect(struct privsep *); 1430 void proc_dispatch(int, short event, void *); 1431 void proc_run(struct privsep *, struct privsep_proc *, 1432 struct privsep_proc *, unsigned int, 1433 void (*)(struct privsep *, struct privsep_proc *, void *), void *); 1434 void proc_range(struct privsep *, enum privsep_procid, int *, int *); 1435 int proc_compose_imsg(struct privsep *, enum privsep_procid, int, 1436 u_int16_t, u_int32_t, int, void *, u_int16_t); 1437 int proc_compose(struct privsep *, enum privsep_procid, 1438 uint16_t, void *, uint16_t); 1439 int proc_composev_imsg(struct privsep *, enum privsep_procid, int, 1440 u_int16_t, u_int32_t, int, const struct iovec *, int); 1441 int proc_composev(struct privsep *, enum privsep_procid, 1442 uint16_t, const struct iovec *, int); 1443 int proc_forward_imsg(struct privsep *, struct imsg *, 1444 enum privsep_procid, int); 1445 struct imsgbuf * 1446 proc_ibuf(struct privsep *, enum privsep_procid, int); 1447 struct imsgev * 1448 proc_iev(struct privsep *, enum privsep_procid, int); 1449 void imsg_event_add(struct imsgev *); 1450 int imsg_compose_event(struct imsgev *, uint16_t, uint32_t, 1451 pid_t, int, void *, uint16_t); 1452 int imsg_composev_event(struct imsgev *, uint16_t, uint32_t, 1453 pid_t, int, const struct iovec *, int); 1454 1455 /* config.c */ 1456 int config_init(struct relayd *); 1457 void config_purge(struct relayd *, u_int); 1458 int config_setreset(struct relayd *, u_int); 1459 int config_getreset(struct relayd *, struct imsg *); 1460 int config_getcfg(struct relayd *, struct imsg *); 1461 int config_settable(struct relayd *, struct table *); 1462 int config_gettable(struct relayd *, struct imsg *); 1463 int config_gethost(struct relayd *, struct imsg *); 1464 int config_setrdr(struct relayd *, struct rdr *); 1465 int config_getrdr(struct relayd *, struct imsg *); 1466 int config_getvirt(struct relayd *, struct imsg *); 1467 int config_setrt(struct relayd *, struct router *); 1468 int config_getrt(struct relayd *, struct imsg *); 1469 int config_getroute(struct relayd *, struct imsg *); 1470 int config_setproto(struct relayd *, struct protocol *); 1471 int config_getproto(struct relayd *, struct imsg *); 1472 int config_setrule(struct relayd *, struct protocol *); 1473 int config_getrule(struct relayd *, struct imsg *); 1474 int config_setrelay(struct relayd *, struct relay *); 1475 int config_getrelay(struct relayd *, struct imsg *); 1476 int config_getrelaytable(struct relayd *, struct imsg *); 1477 int config_getrelayfd(struct relayd *, struct imsg *); 1478 1479 #endif /* RELAYD_H */ 1480